Signing an audit App Control for Business (WDAC) Policy Doesn't Log Events?

Cyber Person Man 10 Reputation points
2024-11-07T21:48:44.5366667+00:00

Hello,
We have several App Control for Business policies deployed on our fleet of machines; several of them are signed and enforced.

We had one policy in audit mode (unsigned), and the Code Integrity logs for this policy came in just fine. No issues for months.
We decided to sign it and leave it in audit mode -- however, signing the audit policy caused events to not be logged anymore.

We've verified that the policy is "signed", "authorized", and "enforced" using the CiTool.

Can someone confirm that signed, audit, app control policies should be logging things?
Thanks!


2 answers

  1. Cyber Person Man 10 Reputation points
    2024-11-15T20:44:16.0033333+00:00

    I retract this question; the cause of the problem was user error. Somehow UMCI got unchecked on the policy.

    1 person found this answer helpful.
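
The root cause named in the answer above (the `Enabled:UMCI` rule option missing from the policy) can be caught before signing and deployment by inspecting the rule options in the policy's source XML. This is an added example, not part of the original thread; the sample policy, its placeholder PolicyID, and the function name `Get-PolicyRuleOptionReport` are constructed for illustration.

```powershell
# Constructed sample policy (not from the thread): audit mode is on, UMCI is missing,
# and "Enabled:Unsigned System Integrity Policy" is absent, so the policy must be signed.
$samplePolicy = @'
<?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
  <VersionEx>10.0.0.0</VersionEx>
  <PolicyID>{00000000-0000-0000-0000-000000000001}</PolicyID>
  <Rules>
    <Rule><Option>Enabled:Audit Mode</Option></Rule>
    <Rule><Option>Enabled:Advanced Boot Options Menu</Option></Rule>
  </Rules>
</SiPolicy>
'@

# Hypothetical helper: reports the rule options that decide whether user-mode
# audit events can be produced by this policy.
function Get-PolicyRuleOptionReport {
    param([Parameter(Mandatory)][string]$PolicyXml)

    $doc = [xml]$PolicyXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('si', 'urn:schemas-microsoft-com:sipolicy')

    # Collect the text of every <Rule><Option> element.
    $options = @($doc.SelectNodes('//si:Rules/si:Rule/si:Option', $ns) |
        ForEach-Object { $_.InnerText.Trim() })

    $umci = $options -contains 'Enabled:UMCI'
    [pscustomobject]@{
        PolicyID     = $doc.SelectSingleNode('//si:PolicyID', $ns).InnerText
        AuditMode    = $options -contains 'Enabled:Audit Mode'
        UMCI         = $umci
        MustBeSigned = -not ($options -contains 'Enabled:Unsigned System Integrity Policy')
        Finding      = if ($umci) { 'OK' }
                       else { 'Enabled:UMCI missing: only kernel-mode code is evaluated' }
    }
}

Get-PolicyRuleOptionReport -PolicyXml $samplePolicy | Format-List
```

For a real policy, pass the output of `Get-Content -Raw` on the policy's source XML; the check reads the XML, not the compiled binary policy on the device.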

  2. Cyber Person Man 10 Reputation points
    2024-11-15T20:43:24.0166667+00:00

    [Deleted ]

